Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3393

Опубликовано: 11 фев. 2021
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

An information leak was discovered in postgresql. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of QuarkuspostgresqlNot affected
Red Hat Decision Manager 7postgresqlNot affected
Red Hat Enterprise Linux 6postgresqlNot affected
Red Hat Enterprise Linux 7postgresqlNot affected
Red Hat Enterprise Linux 8libpqNot affected
Red Hat Enterprise Linux 8postgresql:10/postgresqlNot affected
Red Hat Enterprise Linux 8postgresql:9.6/postgresqlNot affected
Red Hat Enterprise Linux 9postgresqlNot affected
Red Hat Fuse 7postgresqlNot affected
Red Hat JBoss Enterprise Application Platform 6postgresqlNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=1924005postgresql: Partition constraint violation errors leak values of denied columns

EPSS

Процентиль: 35%
0.00143
Низкий

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3393

CVSS3: 4.3
ubuntu
больше 4 лет назад

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

nvd логотип

CVE-2021-3393

CVSS3: 4.3
nvd
больше 4 лет назад

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.

debian логотип

CVE-2021-3393

CVSS3: 4.3
debian
больше 4 лет назад

An information leak was discovered in postgresql in versions before 13 ...

suse-cvrf логотип

openSUSE-SU-2021:0423-1

suse-cvrf
больше 4 лет назад

Security update for postgresql12

suse-cvrf логотип

SUSE-SU-2021:0695-1

suse-cvrf
больше 4 лет назад

Security update for postgresql12

EPSS

Процентиль: 35%
0.00143
Низкий

3.1 Low

CVSS3